One unavailable database broke many Cloudflare products
Workers KV kept frequently requested data near users, but a central storage system still held the authoritative copy. When that system failed, Cloudflare could serve only data that was already cached.
Workers KV is a key-value database. An application stores a value under a key and retrieves it later, much like using a server-side cache. Cloudflare runs Workers KV across its worldwide network so frequently requested values can be served from a location near the user.
The nearby copy is only a cache, however. When a requested key is not already stored in that local cache, Workers KV must fetch it from central backing storage. Cloudflare calls this a cold read: the cache did not have the value, so the request must travel to the backing storage to retrieve it. From the application's perspective, this is a cache miss. Writes also go through the backing storage, because that storage holds the authoritative copy, the definitive version of each value, kept in one central place.
On June 12, 2025, an outage at a third-party provider disrupted that backing storage. Already-cached reads could still work, but uncached reads and writes returned HTTP 500 or 503. Workers KV reported that 90.22% of requests failed. No data was lost. The service simply could not reach the authoritative copy while the backend was unavailable.
The failure then spread through products that used KV. Access, Cloudflare's authentication product, could not load identity and policy data, so logins were denied. Gateway could not evaluate some security rules. New WARP device registrations failed. Pages builds and Workers AI requests also failed because they needed configuration or routing data from KV.
Recovery was not instantaneous when storage returned. Services around the world tried to refill their caches at the same time. That surge of requests hit a backend that was still stabilizing, causing more errors.
This incident is a recognizable distributed-systems failure. Many features shared one data dependency. Their caches covered only some reads. When the central store went down, most products had no useful fallback.
Workers KV saw 90.22% of requests failing (Cloudflare postmortem, June 2025)
From the first signal to all-clear in 2h 28m.
The cache could hide the failure only when it already had the data.
Think of Workers KV as a globally distributed key-value database with a cache in many Cloudflare locations. A nearby cache could answer a read if it already held the requested value. If it did not, Workers KV had to fetch the value from central backing storage. Every write also had to reach that storage because it held the authoritative copy.
Part of that backing storage depended on a third-party cloud provider. When the provider had an outage, uncached reads and all writes failed with HTTP 500 or 503 errors. Cloudflare was partway through redesigning this backend and said the transition had left a gap in redundancy. Because many Cloudflare products stored important data in KV, the storage failure became an authentication, security, build, and AI outage too.
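The read path, the fail-closed login check, and the refill surge described above can be reproduced in a small model. This is an added example, not Cloudflare's code: the class names, the `policy:<user>` keys, and the count of 100 edge locations are constructed for illustration.

```python
class BackingStore:  # central authoritative store (constructed stand-in)
    def __init__(self, data):
        self.data, self.available, self.requests = dict(data), True, 0
    def _check(self):
        self.requests += 1                      # every call costs the backend a request
        if not self.available:
            raise ConnectionError("backing storage unreachable")
    def get(self, key):
        self._check()
        return self.data[key]
    def put(self, key, value):
        self._check()
        self.data[key] = value

class EdgeKV:  # one edge location: a local cache in front of the central store
    def __init__(self, store):
        self.store, self.cache = store, {}
    def read(self, key):
        if key not in self.cache:               # cold read: must reach the backend
            try:
                self.cache[key] = self.store.get(key)
            except ConnectionError:
                return 503, None
        return 200, self.cache[key]
    def write(self, key, value):
        try:                                    # writes always go to the authoritative copy
            self.store.put(key, value)
        except ConnectionError:
            return 503
        self.cache[key] = value
        return 200

def login_allowed(edge, user):
    """Fail-closed dependent: without policy data the login is denied."""
    status, policy = edge.read(f"policy:{user}")
    return status == 200 and policy == "allow"

def simulate():
    store = BackingStore({"policy:alice": "allow", "policy:bob": "allow"})
    edge = EdgeKV(store)
    edge.read("policy:alice")                   # alice's key is cached before the outage
    store.available = False
    during = (login_allowed(edge, "alice"), login_allowed(edge, "bob"),
              edge.write("policy:carol", "allow"))
    store.available, store.requests = True, 0   # backend returns; 100 cold edges refill at once
    for e in [EdgeKV(store) for _ in range(100)]:
        e.read("policy:bob")
    return during, store.requests
```

`simulate()` returns the outcome during the outage (cached login, cold login, write status) and the number of backend requests generated when every cold edge refills the same key at the same moment.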